75
rabbi
4y

So pm2 (a node process manager package on npm) just caused thousands of CI builds to fail because of an "optionalDependency" on a package called gkt which is requested as a tarball from a server that was returning 503. That package consists of one file which contains this

Comments
  • 23
    Welcome to open source. Where anarchy is expected to work just fine.
  • 21
    Reminds of lpad npm dependency controversy

    https://qz.com/646467/...
  • 5
    @noder now in all honesty.. who the fuck says no to 30k $ for a fucken project.
  • 2
    And external dependencies are the way forward 😂
  • 5
    @nitwhiz as I understand he asked for 30k and was rejected
  • 4
    And this is why I shiver at the thought when I look at just about any websites source code or just the rendered HTML source and think maintaining it with all those external libraries and dependencies just "hanging about" ... one tiny 'oops' and "Poof" goes half the site.
  • 1
    I mean, it's an optional dependency after all :P
  • 5
    And the worst part is how everyone just took it at face value without asking weather or not it happened.

    So here's the github issue https://github.com/Unitech/pm2/...

    And here's the company behind PM2's reason for that "optional dependency" https://twitter.com/keymetrics_io/...

    (And i have no idea about the supposed thousands of CI builds)
  • 3
    @nitwhiz Actually this is more of a lesson in why reinventing the wheel is a bad idea, something I've heard happens a lot in closed source environments
  • 3
    @irene - lpad has 11 lines, but check this one 'isarray' - https://npmjs.com/package/isarray/

    It has 21M weekly downloads, but the actual code is just 4 lines - https://github.com/juliangruber/...

    Fun part is, there is another NPM package that does the same as 'isarray' - 'is-array' (with a hyphen).
  • 1
    awesome, isnt it? lets let the community manage packages
  • 3
    @noder even more funny thing is that ES6 supports that natively.
    Array.isArray
  • 7
    @Froot - Even more funnier is that the isarray npm package internally uses Array.isArray
  • 4
    @noder that's.... That's genius actually.
    And here I am writing libraries that actually do shit that isnt covered by other libraries out there. Fuck me
  • 1
    Welcome to NPM Hell.
  • 2
    @nitwhiz fuck that was good....stealing it
  • 1
    wtf im in agony and in insane laughter at the same time.
Add Comment